GB2366948A - Operating protocol for interoperability between wireless LANs - Google Patents
Operating protocol for interoperability between wireless LANs Download PDFInfo
- Publication number
- GB2366948A GB2366948A GB0022604A GB0022604A GB2366948A GB 2366948 A GB2366948 A GB 2366948A GB 0022604 A GB0022604 A GB 0022604A GB 0022604 A GB0022604 A GB 0022604A GB 2366948 A GB2366948 A GB 2366948A
- Authority
- GB
- United Kingdom
- Prior art keywords
- lan
- subscriber
- aaa
- operator
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/02—Inter-networking arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W8/00—Network data management
- H04W8/26—Network addressing or numbering for mobility support
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
Abstract
User-mobility between LANs is afforded particularly by wireless LAN (W-LAN) systems, whereby a user subscribing to a LAN operated by a so-called Home Operator connects, as a "visitor", to one or more other LAN sites, basing such connection, for charging and other operational purposes, on that user's subscription with its Home Operator. The protocol of the present application links a user's identity with the address of the Home Operator, and stores this information at the visited LAN site, thereby permitting a visiting user, once authenticated by user-interaction, as a visitor with regard to a particular LAN, to revisit that LAN for as long as its authentication with the Home Operator remains sound, without the need for further user intervention.
Description
<Desc/Clms Page number 1>
LAN USER PROTOCOL This invention relates to operating protocols for Local Area Network (LAN) systems, and it relates especially to such protocols as can cope with the problems of user-mobility between LANs, as afforded particularly by wireless LAN (W-LAN) systems.
In W-LAN systems, it is often the case that a user, subscribing with one network operator (hereinafter called "the Home Operator" for that user), wishes to connect, as a " visitor", to one or more other LAN sites; basing such connection, for charging and other operational purposes, on that user's subscription with its Home Operator. This activity is commonly referred to as Wireless-LAN roaming, and existing protocols permitting the activity are cumbersome, as the necessary authentication procedure requires user intervention at each visit.
This invention provides a protocol that pen-nits a visiting user, once authenticated as a visitor with regard to a particular LAN, to revisit that LAN for as long as the user's authentication with the Home Operator remains sound, without further user intervention.
According to the invention there is provided a user protocol for W- LAN systems whereby the operator of each LAN administers home (H) network and Visitor (V) network authentication, authorisation and accounting (AAA) servers and wherein a subscriber to a first LAN wishing to connect for the first time to a second LAN conveys to the operator of the second LAN, by user intervention, information, identifying both the subscriber and the operator of the first LAN, sufficient to enable the V-AAA server of the second LAN to communicate with the H-AAA server of the first LAN so as to authenticate the proposed connection; the V-AAA storing information linking the subscriber to the operator of the first LAN for so long as the
<Desc/Clms Page number 2>
subscriber remains authorised by the operator of the first LAN, whereby subsequent connections by the subscriber to the second LAN may be made without user intervention.
This is achieved because the subscriber's identity, when announced to the second LAN as part of the routine connect procedure, is correlated by the V-AAA server with the previously -given identity of the H-AAA server for that subscriber, and the V-AAA automatically communicates with the H-AAA to derive the necessary authorisation and to organise the necessary charging, etc.
The V-AAA thus stores the subscriber/H-AAA linking data until such time as the H-AAA supplies it with information to the effect that the subscriber's authorisation is no longer valid or until an authentication transaction with the H-AAA fails. At this point the link is broken, and subsequent attempts by the subscriber to connect with the second LAN will fall, unless they are, as a result of further user-intervention, shown to be authorised by the H-AAA server of another LAN system.
Preferably, the information supplied by the subscriber, by way of user intervention, includes the subscriber's MAC address and an identifier, such as a user name or MSISDN number, that allows the operator of the subscriber's Home Network to be identified.
This permits the V-AAA server of the second LAN operator to utilise the identifier to locate the H-AAA server of the Home Operator for that subscriber, and to request the H-AAA server to authenticate the desired connection. Once this has been performed, charging information for the session can be forwarded to the H-AAA enabling the H-AAA operator to bill the user and make payment to the visited LAN reporter.
Further, when that subscriber connects to the second LAN on a subsequent occasion, the inforination held at the V-AAA server of the second LAN and linking the subscriber's address to the Home Network
<Desc/Clms Page number 3>
identifier, allows authentication of the requested connection to be effected automatically and without user intervention on the part of the subscriber.
In order that the invention may be fully understood and readily carried into effect, one embodiment thereof will now be described, by way of example only, with reference to the accompanying drawing, the single figure of which shows, in schematic form, the operation of a protocol in accordance with one embodiment of the invention.
Referring now to the drawing, there is shown schematically within the outline I a LAN operated by a first network operator A. Operator A operates H-AAA and V-AAA servers, 2 and 3 respectively, in respect of the LAN 1. Subscribers to the network I are operating on their Home Network, and thus communicate with the H-AAA server 2 for all operational and charging purposes related to connections to that LAN.
Similarly, there is shown schematically within the outline 4 a LAN operated by a second network operator B. Operator B operates H-AAA and V-AAA servers, 5 and 6 respectively, in respect of the LAN 4. Subscribers to the network 4 are operating on their Home Network, and thus communicate with the H-AAA server 5 for all operational and charging purposes related to connections to that LAN.
As indicated by the dashed line connections 7 and 8, the H-AAA server 2 is in communication with the V-AAA server 6 and, indeed with the V-AAA servers of further LAN systems (not shown) to which subscribers to the LAN I may make connection as visitors. Likewise, the H-AAA server 5 is in conununication with the V-AAA server 3 and, indeed with the V-AAA servers of further LAN systems (not shown) to which subscribers to the LAN 4 may make connection as visitors.
Within the outline I there are shown schematically first and second subscribers 9 and 10, these being subscribers of the network 4 but
<Desc/Clms Page number 4>
wishing to connect to the network 1. Likewise, within the outline 4 there are shown schematically first and second subscribers I I and 12, these being subscribers of the network I but wishing to connect to the network 4. These are visiting subscribers and, in each case and on the first occasion of such connection, there will have to be user intervention to establish the flow of sufficient information, between such subscribers and the V-AAA server of the network to which they wish to connect, to permit the necessary authorisations and charging procedures to be out in place. This user intervention and the associated information flow is indicated schematically by the dashed lines 13 - 16.
As part of the initial process setting up the relationship between each subscriber and its Home Network Operator, the subscriber is given an identifier which also identifies its Home Network in some convenient standardised way, such as NAI or MSISDN for example.
When that subscriber first seeks to connect, as a visitor, to another network, the subscriber is, as part of a setting-up procedure requiring user intervention, called upon to identify itself, for example by its MAC address or any other id that is automatically provided during normal WLAN authentication procedures, and also to enter an identifier, such as a user name or MSISDN, that allows the subscriber's Home Network to be determined. Utilising that identifier, the V-AAA server locates the H- AAA server at the subscriber's Home Network and seeks authentication of the subscriber.
Assuming that such authentication is forthcoming, the V-AAA server keeps a copy of the MAC address of the subscriber's WLAN device, along with the H-AAA identifier. This information, which links the identity of subscriber's WLAN device to that of its home network, is stored by the V-AAA for future use. Hence, when the subscriber seeks connection to that LAN on subsequent occasions, the linked
<Desc/Clms Page number 5>
identification data permits the necessary authentication to proceed without user intervention. This state of affairs persists for as long as the subscriber remains authenticated by the same Home Network, and is true for all public LANs within the administrative control of the same visitor network operator. Once authentication fails, the linked identification data are purged, with the consequence that automatic authentication of that subscriber as a visitor to a LAN will cease, unless or until the subscriber establishes, through a repeat of the initial process involving user intervention, accreditation by a new Home Operator.
The invention permits operators to add new LAN sites to their operations without modifying externally established trust relationships, and moreover to add new partner operators without modifying internal trust relationships.
It may be appropriate, depending upon the nature of any rules controlling the extent to which W-LAN subscribers can roam, to associate each MAC address (or other device identifier) with a W-LAN network type, so that MAC addresses or other identifiers that are shared by different W-LAN technologies, such as IEEE 802.11 and Bluetooth, are not ambiguous.
Although the invention has been described with regard to one particular embodiment thereof, it is not intended that the scope of the claims of this application be limited to that embodiment, and alternative arrangements will be evident in many respects to those skilled in the art. For example, the H-AAA and V-AAA servers (such as 2 and 3) associated with any given LAN need not consist of respective, stand- alone units, as shown in the drawing, but may instead be combined into a common unit.
<Desc/Clms Page number 6>
Claims (8)
- CLAIMS: 1. A user protocol for W-LAN systems whereby the operator of each LAN administers home (H) network and Visitor (V) network authentication, authorisation and accounting (AAA) servers and wherein a subscriber to a first LAN wishing to connect for the first time to a second LAN conveys to the operator of the second LAN, by user intervention, information, identifying both the subscriber and the operator of the first LAN, sufficient to enable the V-AAA server of the second LAN to communicate with the H-AAA server of the first LAN so as to authenticate the proposed connection; the V-AAA storing information linking the subscriber to the operator of the first LAN for so long as the subscriber remains authorised by the operator of the first LAN, whereby subsequent connections by the subscriber to the second LAN may be made without user intervention.
- 2. A protocol according to Claim I wherein the subscriber's identity, when announced to the second LAN as part of the routine connect procedure, is correlated by the V-AAA server with the previously-given identity of the H-AAA server for that subscriber, and the V-AAA automatically communicates with the H-AAA to derive the necessary authentication and authorisation and subsequently delivers accounting information.
- 3. A protocol according to Claim 2 wherein the V-AAA stores the subscriber/H-AAA linking data until such time as the H-AAA supplies it with information to the effect that the subscriber's authorisation is no longer valid or until an authentication transaction fails.<Desc/Clms Page number 7>
- 4. A protocol according to Claim 3 wherein, in order to re-establish connection to the second LAN, the subscriber demonstrates, as a result of further user-intervention, authorisation deriving from an H-AAA server of another LAN system.
- 5. A protocol according to any preceding claim wherein the information supplied by the subscriber, by way of user intervention, includes the subscriber's MAC address or any other automatically presented identifier and an identifier that allows the operator of the subscriber's Home Network to be identified.
- 6. A protocol according to Claim 5 wherein said identifier comprises a user name or MSISDN number.
- 7. A protocol according to Claim 5 or Claim 6 wherein the V-AAA server of the second LAN operator utillses the identifier to locate the H- AAA server of the Home Operator for that subscriber, and to request the H-AAA server to authenticate the desired connection.
- 8. A W-LAN protocol substantially as herein described with reference to the accompanying drawing.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0022604A GB2366948B (en) | 2000-09-15 | 2000-09-15 | LAN user protocol |
EP01203097A EP1199843B1 (en) | 2000-09-15 | 2001-08-03 | Lan user protocol |
DE60130857T DE60130857T2 (en) | 2000-09-15 | 2001-08-03 | User protocol for local area network |
US09/953,369 US20020034298A1 (en) | 2000-09-15 | 2001-09-17 | LAN user protocol |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0022604A GB2366948B (en) | 2000-09-15 | 2000-09-15 | LAN user protocol |
Publications (3)
Publication Number | Publication Date |
---|---|
GB0022604D0 GB0022604D0 (en) | 2000-11-01 |
GB2366948A true GB2366948A (en) | 2002-03-20 |
GB2366948B GB2366948B (en) | 2004-01-21 |
Family
ID=9899481
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB0022604A Expired - Fee Related GB2366948B (en) | 2000-09-15 | 2000-09-15 | LAN user protocol |
Country Status (4)
Country | Link |
---|---|
US (1) | US20020034298A1 (en) |
EP (1) | EP1199843B1 (en) |
DE (1) | DE60130857T2 (en) |
GB (1) | GB2366948B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008048756A2 (en) * | 2006-10-16 | 2008-04-24 | Motorola Inc. | Method and apparatus for re-registration of connections for service continuity |
EP2337388A3 (en) * | 2009-12-21 | 2011-08-31 | France Telecom | Method for secure access by at least one visitor terminal to a host network |
US8213394B2 (en) | 2006-10-16 | 2012-07-03 | Motorola Mobility, Inc. | Method and apparatus for management of inactive connections for service continuity in an agnostic access internet protocol multimedia communication |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2002009458A2 (en) * | 2000-07-24 | 2002-01-31 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
US7146636B2 (en) * | 2000-07-24 | 2006-12-05 | Bluesocket, Inc. | Method and system for enabling centralized control of wireless local area networks |
DE10043203A1 (en) * | 2000-09-01 | 2002-03-21 | Siemens Ag | Generic WLAN architecture |
US7126937B2 (en) * | 2000-12-26 | 2006-10-24 | Bluesocket, Inc. | Methods and systems for clock synchronization across wireless networks |
US20020136226A1 (en) * | 2001-03-26 | 2002-09-26 | Bluesocket, Inc. | Methods and systems for enabling seamless roaming of mobile devices among wireless networks |
AU2002343424A1 (en) * | 2001-09-28 | 2003-04-14 | Bluesocket, Inc. | Method and system for managing data traffic in wireless networks |
US7394795B2 (en) | 2002-03-26 | 2008-07-01 | Interdigital Technology Corporation | RLAN wireless telecommunication system with RAN IP gateway and methods |
US7489672B2 (en) | 2002-03-26 | 2009-02-10 | Interdigital Technology Corp. | RLAN wireless telecommunication system with RAN IP gateway and methods |
US7406068B2 (en) | 2002-03-26 | 2008-07-29 | Interdigital Technology Corporation | TDD-RLAN wireless telecommunication system with RAN IP gateway and methods |
US8432893B2 (en) | 2002-03-26 | 2013-04-30 | Interdigital Technology Corporation | RLAN wireless telecommunication system with RAN IP gateway and methods |
US7505431B2 (en) | 2002-03-26 | 2009-03-17 | Interdigital Technology Corporation | RLAN wireless telecommunication system with RAN IP gateway and methods |
AU2002307899A1 (en) * | 2002-04-25 | 2003-11-10 | Nokia Corporation | Method and network system for charging a roaming network subscriber |
FI20020982A (en) * | 2002-05-24 | 2003-11-25 | Sonera Oyj | Authentication method and arrangement |
CN100409613C (en) * | 2002-08-08 | 2008-08-06 | 中兴通讯股份有限公司 | Authority discrimination charging method based on combined radio local area web and CDMA system |
KR100547371B1 (en) * | 2002-09-12 | 2006-01-26 | 주식회사 케이티 | Location-based realtime auto-group service method on the public W-LAN |
US20040203751A1 (en) * | 2002-10-21 | 2004-10-14 | Excino Technologies Inc. | Peer-to-peer (P2P) collaborative system for service aggregation, rapid service provisioning and service roaming |
JP2004343448A (en) * | 2003-05-15 | 2004-12-02 | Matsushita Electric Ind Co Ltd | Authentication system for wireless lan access |
KR100539547B1 (en) * | 2003-08-20 | 2005-12-29 | 엘지전자 주식회사 | System and Control Method for Assent Internet Connection |
KR101049635B1 (en) | 2003-12-30 | 2011-07-14 | 주식회사 케이티 | Roaming Service between Public WLAN and Enterprise WLAN |
TW200614783A (en) * | 2004-07-20 | 2006-05-01 | Ibm | Communication apparatus, communication system, communication method, communication service method, program, and recording medium |
US20060223499A1 (en) * | 2005-03-30 | 2006-10-05 | Pecen Mark E | Broadcast subscription management method and apparatus |
CN100417146C (en) * | 2005-04-30 | 2008-09-03 | 华为技术有限公司 | Method for power discrimination and charging and external user interface gateway |
US7649888B2 (en) * | 2006-07-14 | 2010-01-19 | Futurewei Technologies, Inc. | System for link independent multi-homing in heterogeneous access networks |
US8509815B1 (en) * | 2009-05-21 | 2013-08-13 | Sprint Communications Company L.P. | Dynamically updating a home agent with location-based information |
CN106257862B (en) * | 2015-06-19 | 2019-09-17 | 中兴新能源汽车有限责任公司 | The method and device of wireless charging device certification and charging server certification |
US10637655B1 (en) * | 2018-01-09 | 2020-04-28 | Amdocs Development Limited | System, method, and computer program for providing seamless data access from different internet service providers |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6256620B1 (en) * | 1998-01-16 | 2001-07-03 | Aspect Communications | Method and apparatus for monitoring information access |
US6158010A (en) * | 1998-10-28 | 2000-12-05 | Crosslogix, Inc. | System and method for maintaining security in a distributed computer network |
-
2000
- 2000-09-15 GB GB0022604A patent/GB2366948B/en not_active Expired - Fee Related
-
2001
- 2001-08-03 DE DE60130857T patent/DE60130857T2/en not_active Expired - Lifetime
- 2001-08-03 EP EP01203097A patent/EP1199843B1/en not_active Expired - Lifetime
- 2001-09-17 US US09/953,369 patent/US20020034298A1/en not_active Abandoned
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008048756A2 (en) * | 2006-10-16 | 2008-04-24 | Motorola Inc. | Method and apparatus for re-registration of connections for service continuity |
WO2008048756A3 (en) * | 2006-10-16 | 2008-08-21 | Motorola Inc | Method and apparatus for re-registration of connections for service continuity |
US7746836B2 (en) | 2006-10-16 | 2010-06-29 | Motorola, Inc. | Method and apparatus for re-registration of connections for service continuity in an agnostic access internet protocol multimedia communication system |
US8213394B2 (en) | 2006-10-16 | 2012-07-03 | Motorola Mobility, Inc. | Method and apparatus for management of inactive connections for service continuity in an agnostic access internet protocol multimedia communication |
US9148903B2 (en) | 2006-10-16 | 2015-09-29 | Google Technology Holdings LLC | Method and apparatus for management of inactive connections for service continuity in an agnostic internet protocol multimedia communication system |
EP2337388A3 (en) * | 2009-12-21 | 2011-08-31 | France Telecom | Method for secure access by at least one visitor terminal to a host network |
Also Published As
Publication number | Publication date |
---|---|
DE60130857T2 (en) | 2008-07-24 |
EP1199843A3 (en) | 2003-08-27 |
US20020034298A1 (en) | 2002-03-21 |
EP1199843B1 (en) | 2007-10-10 |
GB2366948B (en) | 2004-01-21 |
EP1199843A2 (en) | 2002-04-24 |
DE60130857D1 (en) | 2007-11-22 |
GB0022604D0 (en) | 2000-11-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1199843B1 (en) | Lan user protocol | |
CN1330214C (en) | Interactive method for re-selecting operating network to wireless local network | |
US6950628B1 (en) | Method for grouping 802.11 stations into authorized service sets to differentiate network access and services | |
CN101150594B (en) | Integrated access method and system for mobile cellular network and WLAN | |
US7193985B1 (en) | System and method for managing foreign agent selections in a mobile internet protocol network | |
US7590732B2 (en) | Enhancement of AAA routing originated from a local access network involving intermediary network preferences | |
JP3984993B2 (en) | Method and system for establishing a connection through an access network | |
US7298725B2 (en) | Enhancement of AAA routing initiated from a home service network involving intermediary network preferences | |
CN1319337C (en) | Authentication method based on Ethernet authentication system | |
JP2020506588A (en) | Interworking function using unreliable network | |
US20050059398A1 (en) | Telecommunication method and system | |
EP1712058A1 (en) | Method and system for the secure and transparent provision of mobile ip services in an aaa environment | |
JP2005503087A (en) | Mobile internet communication apparatus and method | |
WO2006024969A1 (en) | Wireless local area network authentication method | |
US20040010713A1 (en) | EAP telecommunication protocol extension | |
NO342167B1 (en) | Authentication in mobile collaboration systems | |
CN103052064A (en) | Method, equipment and system for accessing private services of operator | |
CN100355251C (en) | Method for sending a ata of user mark after renewing | |
CN101330528B (en) | Mobile IP network optimization system and implementing method thereof | |
EP1448000B1 (en) | Method and system for authenticating a subscriber | |
EP1521429B1 (en) | Delivering additional information needed in connection setup |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) |
Free format text: REGISTERED BETWEEN 20100826 AND 20100901 |
|
PCNP | Patent ceased through non-payment of renewal fee |
Effective date: 20190915 |